gnutls-serv and gnutls-client fail with "Detected downgrade to TLS 1.2 from TLS 1.3"
Description of problem:
If a client attempts to connect to a server with 1.2 and 1.3 in the priority string, it fails with the error 'Detected downgrade to TLS 1.2 from TLS 1.3'
I think this is because the priority string specifies 1.2 before 1.3, so while the client advertises itself as supporting both versions, the server picks the first one and responds using 1.2, which the client then thinks is an illegal downgrade.
It's possible to work-around this by changing the client priority string to have 1.3 first (ie as the preferred version), but that means that the connection will be established using the oldest version that client and server support, ot the newest/best, which seems undesirable.
If this is the case, there may be various ways to address the issue: a. the server could ignore offers of older versions and select the highest one the client says it supports b. the client could always offer higher versions before lower versions c. the client could recognise that, if it offered 1.2 to the server, then a response of 1.2 is not a downgrade
Version of gnutls used:
Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Built from source
Steps to Reproduce:
set gnutls-serv using --priority="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" connect to it with gnutls-cli using --priority="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2"
|<1>| Detected downgrade to TLS 1.2 from TLS 1.3 *** Fatal error: An illegal parameter has been received.